Tuesday, March 08, 2016

Apple Moves Quickly to Squash Ransomware Concerns

While ransomware is hardly a new thing, this weekend saw a first for the malicious software: it has been confirmed, for the first time ever, as targeting Apple Mac OS X users.

Palo Alto Networks, a security research firm, announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines. The malicious code, dubbed "KeRanger" ransomware, was found wrapped into Transmission, a free Mac BitTorrent client.

At this time it is still unclear exactly how the attackers managed to upload a tampered version of Transmission to the application's website, but compromising legitimate applications is a commonly used method. "It’s possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred," Palo Alto Networks wrote on its blog.

The KeRanger malware imposes a 72-hour lockout window unless the victim pays up to unlock their device. As mentioned, the software was loaded onto OS X machines unintentionally by users running version 2.90 of the Transmission software, a version that was signed with a legitimate Apple developer's certificate. This allowed the software to bypass one of OS X's security settings, as users often set it to allow downloads from identified Apple developers. With this setting, the person with the infected machine may never have seen a warning from Apple's Gatekeeper software that the application could be dangerous.

According to reports by Reuters, Apple revoked a certificate that allowed the software to be installed on Macs, and Transmission removed the download link from its website. Transmission noted that any users who downloaded the infected version over the weekend should immediately upgrade to version 2.91 of the software, which was available on its website, and delete the malicious one.